Change default ban time to 1 week
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Some checks reported errors
continuous-integration/drone/push Build encountered an error
This commit is contained in:
parent
826c345aef
commit
a3a23cf77e
GPG key ID:
DA7B27055C66D6DE
2 changed files with 18 additions and 2 deletions
|
|
@ -65,11 +65,14 @@
|
|||
|
||||
- name: Deploy main config
|
||||
ansible.builtin.template:
|
||||
src: etc/crowdsec/config.yaml.j2
|
||||
dest: /etc/crowdsec/config.yaml
|
||||
src: "etc/crowdsec/{{ item }}.yaml.j2"
|
||||
dest: "/etc/crowdsec/{{ item }}.yaml.local"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
with_items:
|
||||
- "config"
|
||||
- "profiles"
|
||||
notify: restart crowdsec
|
||||
|
||||
- name: Deploy whitelist
|
||||
|
|
|
|||
13
templates/etc/crowdsec/profiles.yaml.j2
Normal file
13
templates/etc/crowdsec/profiles.yaml.j2
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
name: default_ip_remediation
|
||||
#debug: true
|
||||
filters:
|
||||
- Alert.Remediation == true && Alert.GetScope() == "Ip"
|
||||
decisions:
|
||||
- type: ban
|
||||
duration: 168h
|
||||
# notifications:
|
||||
# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
|
||||
# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
|
||||
# - http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
|
||||
# - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
|
||||
on_success: break
|
||||
Loading…
Add table
Add a link
Reference in a new issue